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DETAILED ACTION 



1. 



Claims 1-2, 4-10, 12-18, and 20 is pending. 



Applicants have cancelled claims 3, 1 1 , and 19. 



2. 



This is a Non-Final rejection. 



Claim Rejections - 35 USC §103 



The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived by 
the manner in which the invention was made. 



3. Claims 1-2, 4-10, 12-18, and 20 are rejected under 35 U.S.C. 103(a) as 
being unpatentable by Scherr, et al. (US 7,134,138), and further in view of 
Challener, et al. (US 7,194,762). 

As per claim 1: 

Scherr discloses a method of managing authorization tokens within a 
computer system comprising: 

creating a master owner token (coL7, lines 63-65) indicating full 
ownership [of a trusted platform module] within the computer system by a 
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management environment; ((col. 5, lines 48-53 and coL7, lines 40-50; Scherr 
discloses a master token and that the data access manager creates and 
distributes tokens and host tokens used to identify and authenticate host 
computers.), 

creating at least one delegate owner token for a delegated environment; 
(col. 6, lines 49-50 and col. 7, lines 18-21; Scherr discloses a host token is 
the claimed delegate owner that identifies the host in the request sent to 
authorize access to data (col.5, lines 49-50). The claimed delegated 
environment can broadly be interpreted as components, computers, 
systems, etc. according to the host token.) 

communicating the delegate owner token to the delegated environment 
[and to the trusted platform module] \ and (col.5, lines 50-54) 

allowing access [to the trusted platform module] by the delegated 
environment when the delegated environment presents a valid delegate owner 
token [to the trusted platform module] , (col. 13, lines 23-35 and col. 14, lines 
49-65) 

Scherr discloses creating a master token of a data access manager and 
allowing access to the data access manager rather than for a trusted platform 
module (TPM). Thus, Scherr did not include a TPM. 

Challener discloses a method and system for improved security 
password-based access to computer networks. The system comprises a server 
where the server comprises a security chip (col. 2, lines 45-49). The invention 
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comprises a security chip, such as a Trusted Platform Module (TPM) where a 
phrase is signed by the security chip using an encryption key assigned either 
to the remote user or the security chip (col. 2, lines 16-18 and 28-32). The 
security chip comprises encryption keys, such as a public key/ private key pair 
assigned to the chip (col. 2, lines 51-53). Challener discloses a remote user 
request access to the computer network by providing an ID and password to 
the server (col. 3, lines 4-7). The password is according to the remote user and 
for access to the server. Thus, the system comprising a server reads on the 
claimed delegated environment and the remote user password reads on the 
delegate owner token because the user's password is given to the server and to 
the security chip (TPM) as claimed (col. 4, lines 57-59). Challener teaches 
using a security chip further decreases the exposure to brute force attacks and 
such TPM allow only certain number of unsuccessful entries of a password 
before a user is locked (col.3, lines 24-26). So the user of the security chip 
enforces protection against hardware hammering (col. 4, lines 15-19). 

Therefore, it would have been obvious for a person of ordinary skills in 
the art to combine the teaching by Scherr of the master token to indicate full 
ownership and to allow access with the teaching of a trusted platform module 
(TPM) as taught by Challener because using a security chip decrease the 
exposure to brute force attacks and enforces protection against hardware 
hammering (col.3, lines 24-26 and col. 4, lines 18-19). 

As per claim 2: See Scherr on col.8, lines 34-37; discloses the method of 
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claim 1, further comprising storing the master owner token in a secure storage 
within the computer system. 
As per claim 3: Cancelled 

As per claim 4: See Scherr on col.5, lines 50-54; discloses the method of 
claim 1, wherein the management environment assigns a delegate owner token 
to a delegated environment by sealing the delegate owner token to the 
delegated environment. 

As per claim 5: See Scherr on col.7, lines 64-65; discloses the method of 
claim 1 , wherein the master owner token indicates the management 
environment can change at least one of the master owner token and a delegate 
owner token. 

As per claim 6: See Scherr on col. 5, lines 31-36; discloses the method of 
claim 1, further comprising launching the management environment before 
launching the delegated environment. 

As per claim 7: See col.8, lines 22-25 and 62-64; discloses the method of 
claim 1 , further comprising storing the delegate owner token in an access 
control list in the resource. 

As per claim 8: See Scherr on col. 12, lines 41-49; discloses the method of 
claim 1 , further comprising removing, by the management environment, a 
delegate owner token from the access control list and adding a different 
delegate owner token to the access control list. 
As per claim 9: 
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Scherr discloses an article comprising: 

a storage medium having a plurality of machine readable instructions, 
wherein when the instructions are executed by a processor (col.6, lines 57- 
67), the instructions provide for managing authorization tokens within a 
computer system by creating a master owner token (col.7, lines 63-65) 
indicating full ownership [of a trusted platform modulej within the computer 
system by an administrative environment; (col. 5, lines 48-53 and col.7, lines 
40-50; Scherr discloses a master token and that the data access manager 
creates and distributes tokens and host tokens used to identify and 
authenticate host computers.), 

creating at least one delegate owner token for a environment; (col.6, 
lines 49-50 and col.7, lines 18-21; Scherr discloses a host token is the 
claimed delegate owner that identifies the host in the request sent to 
authorize access to data (col.5, lines 49-50). The claimed delegated 
environment can broadly be interpreted as components, computers, 
systems, etc. according to the host token.) 

communicating the delegate owner token to the environment [and to the 
trusted platform module) \ and (col.5, lines 50-54) 

allowing access [to the trusted platform modulej by the environment when 
the environment presents a valid delegate owner token [to the trusted platform 
module] (col. 13, lines 23-35 and col. 14, lines 49-65) 
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Scherr discloses creating a master token of a data access manager and 
allowing access to the data access manager rather than for a trusted platform 
module (TPM). Thus, Scherr did not include a TPM. 

Challener discloses a method and system for improved security 
password-based access to computer networks. The system comprises a server 
where the server comprises a security chip (col. 2, lines 45-49). The invention 
comprises a security chip, such as a Trusted Platform Module (TPM) where a 
phrase is signed by the security chip using an encryption key assigned either 
to the remote user or the security chip (col. 2, lines 16-18 and 28-32). The 
security chip comprises encryption keys, such as a public key/ private key pair 
assigned to the chip (col. 2, lines 51-53). Challener discloses a remote user 
request access to the computer network by providing an ID and password to 
the server (col. 3, lines 4-7). The password is according to the remote user and 
for access to the server. Thus, the system comprising a server reads on the 
claimed delegated environment and the remote user password reads on the 
delegate owner token because the user's password is given to the server and to 
the security chip (TPM) as claimed (col.4, lines 57-59). Challener teaches 
using a security chip further decreases the exposure to brute force attacks and 
such TPM allow only certain number of unsuccessful entries of a password 
before a user is locked (col. 3, lines 24-26). So the user of the security chip 
enforces protection against hardware hammering (col.4, lines 15-19). 



Application/ Control Number: 10/686,343 Page 8 

Art Unit: 2135 

Therefore, it would have been obvious for a person of ordinary skills in 
the art to combine the teaching by Scherr of the master token to indicate full 
ownership and to allow access with the teaching of a trusted platform module 
(TPM) as taught by Challener because using a security chip decrease the 
exposure to brute force attacks and enforces protection against hardware 
hammering (col.3, lines 24-26 and col.4, lines 18-19). 

As per claim 10: See Scherr on col. 8, lines 34-37; discloses the article of 
claim 9, further comprising instructions for storing the master owner token in 
a secure storage within the computer system. 
As per claim 11: Cancelled 

As per claim 12: See Scherr on col.5, lines 50-54; discloses the article of 
claim 9, wherein the management environment assigns a delegate owner token 
to a delegated environment by sealing the delegate owner token to the 
delegated environment. 

As per claim 13: See Scherr on col.7, lines 64-65; discloses the article of 
claim 9, wherein the master owner token indicates the management 
environment can change at least one of the master owner token and a delegate 
owner token. 

As per claim 14: See Scherr on col.5, lines 31-36; discloses the article of 
claim 9, further comprising instructions for launching the management 
environment before launching the environment. 

As per claim 15: See Scherr on col. 8, lines 22-25 and 62-64; discloses the 
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article of claim 9, further comprising instructions for storing the delegate owner 
token in an access control list in the resource. 

As per claim 16: See Scherr on col. 12, lines 41-49; discloses the article of 
claim 9, further comprising instructions for removing, by the management 
environment, a delegate owner token from the access control list and adding a 
different delegate owner token to the access control list. 
As per claim 17: 

Scherr discloses a computer system comprising: 

a plurality of environments; 

a management environment to create a master owner token (col. 7, lines 
63-65) indicating full ownership [of a trusted platform module] within the 
computer system (col.5, lines 48-53 and col.7, lines 40-50; Scherr discloses 
a master token and that the data access manager creates and distributes 
tokens and host tokens used to identify and authenticate host 
computers.), to create a plurality of delegate owner tokens indicating partial 
ownership [of the trusted platform module] (col.6, lines 49-50 and col.7, lines 
18-21; Scherr discloses a host token is the claimed delegate owner that 
identifies the host in the request sent to authorize access to data (col.5, 
lines 49-50). The claimed delegated environment can broadly be 
interpreted as components, computers, systems, etc. according to the 
host token.), and 
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to communicate a selected one of the delegate owner tokens to a selected 
one of the plurality of environments [and to the trusted platform module] ', (col. 5, 
lines 41-54) 

wherein [the trusted platform module] stores delegate owner tokens 
received from the management environment and allows access [to the trusted 
platform module] by the selected environment when a valid delegate owner 
token is presented [to the trusted platform module] by the selected environment, 
(col. 13, lines 23-35 and col. 14, lines 49-65) 

Scherr discloses creating a master token of a data access manager that 
function as a master password (col. 7, lines 63-64) and allowing access to the 
data access manager rather than for a trusted platform module (TPM). Thus, 
Scherr did not include a TPM. 

Challener discloses a method and system for improved security 
password-based access to computer networks. The system comprises a server 
where the server comprises a security chip (col. 2, lines 45-49). The invention 
comprises a security chip, such as a Trusted Platform Module (TPM) where a 
phrase is signed by the security chip using an encryption key assigned either 
to the remote user or the security chip (col. 2, lines 16-18 and 28-32). The 
security chip comprises encryption keys, such as a public key/ private key pair 
assigned to the chip (col. 2, lines 51-53). Challener discloses a remote user 
request access to the computer network by providing an ID and password to 
the server (col. 3, lines 4-7). The password is according to the remote user and 
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for access to the server. Thus, the system comprising a server reads on the 
claimed delegated environment and the remote user password reads on the 
delegate owner token because the user's password is given to the server and to 
the security chip (TPM) as claimed (col. 4, lines 57-59). Challener teaches 
using a security chip further decreases the exposure to brute force attacks and 
such TPM allow only certain number of unsuccessful entries of a password 
before a user is locked (col. 3, lines 24-26). So the user of the security chip 
enforces protection against hardware hammering (col.4, lines 15-19). 

Therefore, it would have been obvious for a person of ordinary skills in 
the art to combine the teaching by Scherr of the master token to indicate full 
ownership and to allow access with the teaching of a trusted platform module 
(TPM) as taught by Challener because using a security chip decrease the 
exposure to brute force attacks and enforces protection against hardware 
hammering (col. 3, lines 24-26 and col.4, lines 18-19). 

As per claim 18: See Scherr on col. 8, lines 34-37; discloses a computer 
system of claim 17, further comprising a secure storage to store the master 
owner token. 

As per claim 19: Cancelled 

As per claim 20: See Scherr on col. 5, lines 50-54; discloses the computer 
system of claim 19, wherein the trusted platform module comprises an access 
control list for storing the delegate owner tokens received from the 
management environment. 
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Response to Arguments 

4. Applicant's arguments, filed 4/ 10/2007, with respect to the 
rejection(s) of claim(s) 1-20 under USC 102(e) over Scherr, et al. have been 
fully considered and are persuasive. Therefore, the rejection has been 
withdrawn. However, upon further consideration, a new ground(s) of 
rejection is made in view of the Scherr and Challener combination. 



Conclusion 

Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to LEYNNA T. HA whose telephone 
number is (571) 272-3851. The examiner can normally be reached on Monday 
- Thursday (7:00 - 5:00PM). 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached on (571) 272-3859. The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see 
http://pair-direct.uspto.gov. Should you have questions on access to the 
Private PAIR system, contact the Electronic Business Center (EBC) at 866-217- 
9197 (toll-free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
9199 (IN USA OR CANADA) or 571-272-1000. 
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